There's always the (not very pretty) workaround of setting up a plain TCP input and "wrapping" it in stunnel-provided encryption listening on another port.

Mariusz Kruk
IT Security Expert
COMP S.A.
Cybersecurity and Risk Management Division
e-mail: [email protected]
tel: +48 608 623 299
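
A configuration sketch of the stunnel workaround suggested above (an added example, not part of the original message and not taken from the rsyslog or stunnel projects). Ports 514 and 6514 come from the thread; the loopback port 10514, the ruleset names and all file paths are assumptions.

```conf
# ---- rsyslog side, e.g. /etc/rsyslog.d/10-inputs.conf (path assumed) ----
# No StreamDriver settings on the module, so every imtcp input is plain TCP.
module(load="imtcp")

# Port 514: clients that cannot speak TLS connect here directly.
input(type="imtcp" port="514" ruleset="from_plain")

# Port 10514 (assumed): bound to loopback only, so the only possible sender
# is the local stunnel process delivering already-decrypted TLS traffic.
input(type="imtcp" address="127.0.0.1" port="10514" ruleset="from_tls")

# Separate rulesets (names and file paths assumed) keep authenticated and
# unauthenticated sources apart in storage.
ruleset(name="from_plain") { action(type="omfile" file="/var/log/remote/plain.log") }
ruleset(name="from_tls")   { action(type="omfile" file="/var/log/remote/tls.log") }

# ---- stunnel side, e.g. /etc/stunnel/rsyslog.conf (path assumed) ----
[syslog-tls]
# TLS listener on the port the thread uses for encrypted syslog
accept  = 0.0.0.0:6514
# Hand the decrypted stream to the loopback-only rsyslog input
connect = 127.0.0.1:10514
# Server certificate and private key (paths assumed)
cert    = /etc/stunnel/server-cert.pem
key     = /etc/stunnel/server-key.pem
# Require a client certificate that chains to this CA. This validates the
# chain only; it does not by itself reproduce the per-name check that
# StreamDriver.AuthMode="x509/name" performs inside rsyslog.
CAfile      = /etc/stunnel/ca.pem
verifyChain = yes
```

With this layout rsyslog sees every TLS client as 127.0.0.1, so the original peer address is no longer available on the `from_tls` input and any per-sender filtering has to rely on fields inside the message.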

On 31.07.2020 22:18, Dalibor Pospíšil via rsyslog wrote:
I'm not sure how to activate both modules at the same time while they are of the same type. The only difference is the NetStream driver.
Can you provide a configuration snippet to illustrate it?
I would like basically something like this:
module( # instance 1
    load="imtcp"
    StreamDriver.AuthMode="x509/name"
    StreamDriver.Mode="1"
    StreamDriver.Name="gtls"
)
input( # instance 1
    type="imtcp"
    Port="6514"
)
module( # instance 2
    load="imtcp"
)
input( # instance 2
    type="imtcp"
    Port="514"
)

Obviously, one would say the configuration should look like:

module(
    load="imtcp"
)
input(
    type="imtcp"
    Port="6514"
    StreamDriver.AuthMode="x509/name"
    StreamDriver.Mode="1"
    StreamDriver.Name="gtls"
)
input(
    type="imtcp"
    Port="514"
)

which would be equal to omfwd but this is not possible, AFAIK.


Dalibor

On 31. 07. 20 14:10, Naoum, A. (Alexandros) wrote:
You need:

a) activate both modules for plain TCP and TLS
b) have rules which will be bound to the specific module and the port that will be used. In that way rsyslog will listen on both ports.

It is the same case as having UDP and TCP. TLS will be a different module with the special driver for encryption enabled (gtls or ossl).

Regards,
Alexandros

-----Original Message-----
From: rsyslog <[email protected]> On Behalf Of Dalibor Pospíšil via rsyslog
Sent: Friday, July 31, 2020 11:36 AM
To: [email protected]
Cc: Dalibor Pospíšil <[email protected]>
Subject: [rsyslog] server with TLS and non-TLS incoming TCP connections

Hello,
I was wondering how to set up an rsyslog server to accept both TLS and non-TLS connections over TCP. On the client side it is possible as all the relevant options are placed in the omfwd action itself. However, on the server side the options are located in the module, not in the input. So all the related inputs "inherit" the TLS setting from the module.
Is there a way to split it?

The use case:
I have systems producing logs. Some of the systems are not capable of TLS. I want to collect logs from all the clients so I need to open one port for incoming TLS connections and one for non-TLS at the same time.

I can imagine running a separate rsyslog instance for TLS connections forwarding the traffic locally to an instance with non-TLS or vice versa. But that's not really an efficient solution.

Thanks,
Dalibor

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.